Trying to set up a pair of EC2 SGs in ec2-classic so they have rules that allow ingress to one another.
Here's an approximation:
```hcl
resource "aws_security_group" "sg_classic_tier_saltmaster" {
  name = "sg_classic_tier_saltmaster"
}

# Generic SGs not tied to a specific tier
resource "aws_security_group" "sg_classic_minion" {
  name = "sg_classic_minion"
}

resource "aws_security_group_rule" "allow_salt_master_to_ssh_to_minions" {
  type                     = "ingress"
  from_port                = 22
  to_port                  = 22
  protocol                 = "tcp"
  security_group_id        = "${aws_security_group.sg_classic_tier_saltmaster.id}"
  source_security_group_id = "${aws_security_group.sg_classic_minion.name}"
}
```
Note that for source_security_group_id, the name needs to be used or else the SG won't get found in ec2 classic.
The effect here is that after creating a plan, then applying that plan, the changes are made (port 22 is permitted) but the crash happens before the state file is written. So upon the next run, it complains that the rules already exist.
Hey @pcn – sorry for the silence here. I think this is related to #4983 so I'm going to work on getting that merged first. There's another user who's commented on some other fixes, which I think will address this; we just need to get them into pull request form.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
ghost locked and limited conversation to collaborators on Apr 27, 2020
Crash log:
https://gist.github.com/pcn/a1912e44aec5a5c6c272